If a forwarding loop exists in an IP network, a message may be forwarded endlessly around the loop and consume a large amount of resources. In view of this, a TTL field is set in an IPv4 (Internet Protocol Version 4) header, and a Hop Limit field is set in an IPv6 header. The two fields are identical in length, function and processing. The processing procedure will be described taking the TTL field as an example.
When a host creates an IPv4 message, an initial value, which is a numerical value between 0 and 255, is allocated to the TTL field of the message. In Linux (an operating system), the initial value is 64 by default, and in Windows (an operating system from the Microsoft Corporation), the initial value is 128 by default. When a router receives such an IPv4 message, it checks the value of the TTL field prior to forwarding the message. If the value of the TTL field is zero, the message is discarded. If the value of the TTL field is not zero, the value of the TTL field of the message is decreased by one, and then the message is forwarded. Thus, if a forwarding loop exists in a network, the message will be discarded in the loop when the TTL is decreased to zero, so that the message is not forwarded endlessly in the loop.
The security of a network or a network node can be protected effectively using the above characteristics of the TTL.
In the prior art, there is provided a method for realizing backbone network security protection using TTL partition, i.e., a TPSM (TTL Partition Security Mechanism) method.
A basic assumption of the TPSM is that a backbone network device need not interact directly with a user, but only forwards a message from the user without processing it at any protocol above the IP layer. If the message comes from the user and is destined for the backbone network device itself, the backbone network device can directly discard the message.
The TPSM divides a network into a carrier network and a customer network, where the carrier network consists of P (P Router, a core router of a carrier) devices and PE (Provider Edge, an edge router of the carrier network) devices. The PE is connected to the customer network (such as an enterprise network) or to a customer host either directly or via a Layer-2 network such as an ADSL (Asymmetric Digital Subscriber Loop) network; the P device forms the backbone of the carrier network and is responsible for connecting the PE routers.
A TrustRadius can be defined for a device, which is the maximum number of hops to another device that is trusted by that device. The TPSM divides the TTL into a high segment and a low segment, where the high segment, ranging from 255 to 255-TrustRadius, is allocated to the backbone network of the carrier. The TTL of a message communicated between the PE device and the P device of the backbone network can only be within this range, and the initial value for the TTL of a message communicated in the backbone network is set to 255. If a P or PE router finds that the TTL of a message destined for that P or PE router is less than 255-TrustRadius, the message is regarded as coming from a customer network and is discarded directly; if the TTL of the message is greater than 255-TrustRadius, the corresponding processing can be performed.
Since the TTL of a message from a customer network can also be greater than 255-TrustRadius, a P router of the backbone network may wrongly accept such a message. To avoid this situation, at the edge of the backbone network, i.e. on the PE device, the TTL of a message entering the backbone network can be decreased to a value less than 255-TrustRadius, i.e. to TTL_USER_MAX, the maximum TTL allowed for a message of the customer network. This value is typically greater than 128, so that the effect of the above situation on the network is reduced to a relatively low level.
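The following simulation, added here as an illustration and not part of the patent text, models the TTL processing of a router, the TPSM acceptance rule at a P/PE router, and the TTL clamping performed at the PE edge. The values TrustRadius = 10 and TTL_USER_MAX = 200 are assumed for the simulation; the page gives no concrete numbers.

```python
# Assumed parameters for the simulation (the page states no values).
TRUST_RADIUS = 10        # hops trusted by a backbone device
TTL_USER_MAX = 200       # clamp applied to customer messages at the PE
BACKBONE_INIT_TTL = 255  # initial TTL for messages originated in the backbone


def hop_forward(ttl):
    """Plain router TTL handling: discard at zero (None), else decrement."""
    if ttl == 0:
        return None
    return ttl - 1


def loop_forwards(ttl):
    """Number of times a message is forwarded around a loop before discard."""
    count = 0
    while (ttl := hop_forward(ttl)) is not None:
        count += 1
    return count


def backbone_accepts(ttl, trust_radius=TRUST_RADIUS):
    """TPSM rule at a P/PE router for a message destined for itself:
    only TTLs in the high segment above 255-TrustRadius are processed."""
    return ttl > 255 - trust_radius


def pe_ingress(ttl, ttl_user_max=TTL_USER_MAX):
    """PE edge: lower the TTL of a customer message to at most TTL_USER_MAX."""
    return min(ttl, ttl_user_max)


def traverse(ttl, hops, clamp_at_pe=False):
    """Carry a message across `hops` routers to a backbone router and apply
    the TPSM rule there. Returns (accepted, ttl_on_arrival)."""
    if clamp_at_pe:
        ttl = pe_ingress(ttl)
    for _ in range(hops):
        ttl = hop_forward(ttl)
        if ttl is None:
            return False, 0
    return backbone_accepts(ttl), ttl


if __name__ == "__main__":
    print("backbone message:", traverse(BACKBONE_INIT_TTL, 3))
    print("customer TTL 255, no clamp:", traverse(255, 3))
    print("customer TTL 255, PE clamp:", traverse(255, 3, clamp_at_pe=True))
```

Without the PE clamp a customer message sent with TTL 255 still satisfies the high-segment check at the P router; with the clamp it arrives below 255-TrustRadius and is discarded.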
In the prior art, the TPSM divides a network into a customer network and a carrier network, treating the carrier network as a whole. In practice, the networks serving a customer may involve numerous carrier networks with various relationships between them. In particular, a carrier network may provide another carrier network with a backbone network connection, in which case the latter carrier network is a carrier for its own customers while being a customer of the carrier network that provides it with the backbone network connection. This is generally referred to as CsC (Carrier's Carrier); in CsC, the carrier providing the VPN (Virtual Private Network) service is referred to as the wholesale carrier, and the carrier that uses the wholesale service is referred to as the subordinate carrier.
The above TPSM can be implemented individually in a wholesale carrier network A without any adverse effect on the network.
However, if the TPSM is implemented individually in a subordinate carrier, for example in a subordinate carrier network B, then network B must decide whether to treat the wholesale carrier network A as a customer network or merely as a P device. If network A is treated as a customer network, the TPSM can only be implemented individually within each site of network B. As a result, devices at different sites within network B cannot communicate directly, which would not be acceptable. If network A is treated as a P device, then a P device within network A must enforce the same message TTL processing rule(s) as a P device within network B, which in fact is impossible, since a wholesale carrier network may provide several subordinate carriers with wholesale services at the same time, and some of the subordinate carriers may already have implemented the TPSM while others have not. Even if the TPSM has been implemented in all of the subordinate carriers, their parameters may not be identical.
In the prior art, there is no effective solution to implement the TPSM simultaneously in both a wholesale carrier network and a subordinate carrier network.